Critical Update for VMware Products

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

VMware has released a critical security update to address ten vulnerabilities in multiple VMware products, including Workspace ONE Access Manager and Identity Manager (vIDM).


Threat details

Exploitation of VMware products

VMware has updated their security advisory to confirm that malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 is now publicly available.

Advanced Persistent Threat (APT) groups have quickly exploited vulnerabilities in VMware products in the past. Previously disclosed vulnerabilities (CVE-2022-22954, which was covered in Cyber Alert CC-4072, and CVE-2022-22972 and CVE-2022-22973, which were covered in CC-4097) in the same impacted VMware products received considerable attention globally from both security researchers and threat actors. Proof-of-concept and exploit code were rapidly produced for these vulnerabilities.

The latest vulnerabilities could be chained together, or used separately, to allow an attacker to take full control of a system.


Introduction

VMware has released security updates to address 10 new vulnerabilities in Workspace ONE Access, VMware Workspace ONE Access Connector (Access Connector), Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), vRealize Automation, VMware Cloud Foundation, and vRealize Lifecycle Manager products.

The critical vulnerability known as CVE-2022-31656 relates to authentication bypass and could allow an attacker with network access to the UI to gain administrative access without the need to authenticate. The advisory also addresses three different remote code execution and two local privilege escalation vulnerabilities. Privilege escalation could allow a local attacker to escalate privileges to root.

An attacker could use these vulnerabilities either separately or together to take control of an affected system.


Threat updates

Date: 10 Aug 2022
Update: Proof-of-concept code has been developed for CVE-2022-31656 and CVE-2022-31659

The security researcher who discovered the flaws has released a proof-of-concept exploit for CVE-2022-31656 and CVE-2022-31659. This exploit, which affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation, is publicly available. Although there are no reports of exploitation in the wild, organisations are encouraged to remediate as a matter of urgency.


Remediation advice

Affected organisations are required to review VMware's security advisory VMSA-2022-0021 and apply the relevant updates.

Additional information about these vulnerabilities can be found in VMware's VMSA-2022-0021 Questions & Answers.



Last edited: 10 August 2022 2:00 pm